If a malicious developer were to exploit the flaw, he'd gain total control of the compromised phone. It would be effortless to steal a user's contacts and photos or to send text messages remotely.

Miller was surprised by his discovery and brought it to Apple's attention three weeks ago. He was told a fix was in the works.

For the sake of demonstration, Miller created a dummy app called Instastock that takes advantage of security loophole. It was designed only to work with his own hardware, but Apple was so unhappy with his actions that it banned him from the developer program for a year.

"I think it's pretty rude," he told CNN. "If you think about what I'm doing -- I'm pointing out a flaw that would affect everybody and that the bad guys could use to install malware. And they're not paying me, I'm just doing it to be nice."